Spyware.iemonster.b And Adware Zlob.pornadviser.ba

hello i am new at this forum and i have problems with spyware.iemonster.b and adware zlob.pornadviser.ba. my internet explorer does not work properly and some desktop icons about porn sites appear. also windows keeps saying things about these malware. i am posting my HJT log

I understand that you need help in order to get rid of the malware that is present on your system - but you need to help us first. I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed! This is somewhat suicidal in today's digital world. That's why I want you to install one first!!

Perform a full scan with Avira and let it delete everything it finds. Then reboot. After reboot, open your Avira and select "reports". There, double-click the report from the full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new HijackThis log. Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an antivirus scan is not present, which should be able to deal with most and prevent further reinfection.

Begin scan in 'C:\'
C:\pagefile.sys
  [WARNING] The file could not be opened!
C:\Documents and Settings\Ozgun KARAKULLUKCU\Application Data\Grisoft\AVG Antispyware 7.5\quarantine\fil489CEFE9.dat
  [0] Archive type: GZ
  --> fil489CEFE9
  [DETECTION] Is the Trojan horse TR/Agent.aox
  [INFO] The file was moved to '4825bece.qua'!
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
  [WARNING] The file could not be opened!
C:\System Volume Information\_restore{33264E28-388D-4B24-B3D4-8F5054B60F6A}\RP35\A0003370.dll
  [DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
  [INFO] The file was moved to '47e9c21c.qua'!
C:\System Volume Information\_restore{33264E28-388D-4B24-B3D4-8F5054B60F6A}\RP35\A0003371.exe
  [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  [INFO] The file was moved to '464691c5.qua'!
C:\System Volume Information\_restore{33264E28-388D-4B24-B3D4-8F5054B60F6A}\RP35\A0003385.exe
  [DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
  [INFO] The file was moved to '47e9c21d.qua'!
C:\System Volume Information\_restore{33264E28-388D-4B24-B3D4-8F5054B60F6A}\RP35\A0003386.exe
  [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  [INFO] The file was moved to '464691c6.qua'!
C:\System Volume Information\_restore{33264E28-388D-4B24-B3D4-8F5054B60F6A}\RP35\A0003388.exe
  [DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
  [INFO] The file was moved to '47e9c21f.qua'!
C:\System Volume Information\_restore{33264E28-388D-4B24-B3D4-8F5054B60F6A}\RP35\A0003390.exe
  [DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
  [INFO] The file was moved to '47e9c21e.qua'!
C:\System Volume Information\_restore{33264E28-388D-4B24-B3D4-8F5054B60F6A}\RP35\A0003525.dll
  [DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
  [INFO] The file was moved to '47e9c222.qua'!
C:\System Volume Information\_restore{33264E28-388D-4B24-B3D4-8F5054B60F6A}\RP35\A0003526.exe
  [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  [INFO] The file was moved to '464691fb.qua'!
C:\System Volume Information\_restore{33264E28-388D-4B24-B3D4-8F5054B60F6A}\RP35\A0003755.exe
  [DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
  [INFO] The file was moved to '47e9c229.qua'!
C:\WINDOWS\system32\winmqx32.dll
  [DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
  [INFO] The file was moved to '4827c41f.qua'!
C:\WINDOWS\system32\winosz32.dll
  [DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
  [INFO] The file was moved to '4827c420.qua'!
Begin scan in 'F:\'
F:\hiberfil.sys
  [WARNING] The file could not be opened!
Begin scan in 'G:\' <My Book>

i follow the instructions on the website but it gets stuck after it says "scanning for infected files" for more than half an hour. i tried it 3 times. do you have an idea what the problem is? here is my fresh HJT log

Yes, I have an idea what the problem is - and that is the fact that you have two antivirus installed in the meantime now. In your first log, you didn't have an Antivirus installed, so I asked you to install Avira, and now I suddenly see you have installed Norton/Symantec on top.

Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously! The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time. Also, because more than one Antivirus and Firewall installed are not compatible with each other, it can cause system performance problems and a serious system slowdown.

So you have to make a decision here and keep the Antivirus you prefer and uninstall the other one. Then reboot after uninstalling.

Then try Combofix again, but disable your Antivirus first. If that didn't make any difference, try it from Windows Safe mode.

To get into the Windows Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times. Choose Safe Mode from the menu that will appear and press Enter.

Sidenote, I see you have the Nvidia Firewall (NetworkAccessManager) installed. I want to make you aware of the fact that this one may cause a lot of problems as this is a buggy firewall and is incompatible with a lot of software and hardware.

Anyway, we'll try it again afterwards. We need to remove another nasty infection first as well..

Please disable your Norton, as it may interfere.

Then, download haxfix.exe. Save it to your desktop. Double click on haxfix.exe to install haxfix. (Standard installation path is c:\program Files\haxfix) Checkmark "Create a desktop icon". Click "Next". When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed. Click "Finish". A red "dos window" (dos box) will open. Select option 1. Make logfile by typing 1 and then pressing Enter. Haxfix will start scanning the computer. When it is finished a logfile will open: haxlog.txt. Copy the contents of that logfile and paste it into this thread.

It's because your system is so severely infected that you have so many problems... and also because - as I already explained previously - your Nvidia Firewall has a lot of incompatibility issues with other software installed. In the meantime you installed Norton/Symantec as well, so that may also explain why you're having problems with normal mode.

Double-click haxfix.exe present on your desktop. Close all other open windows since this step requires a reboot.

Select option 2. Run auto fix by typing 2, and then pressing Enter. If an infection is found, you'll get a message to close all other open windows. Close them, except the red dos window from haxfix, and then press Enter. The computer will reboot. After reboot a logfile will open. Post the contents of that logfile along with a new HijackThis log.

hi i did everything you said and my pc works fine in normal mode. i think i don't have any problems but maybe you can check that too. i really thank you for your help and i am sending the haxfix log and the fresh HJT log

HAXFIX logfile - by Marckie

version 5.00.2
2008-02-19 18:53:26.57

--- Auto Haxdoorfix ---

Haxdoorfix Part 1

no infections found

Haxdoorfix Part 2

searching for notifykeys
no notifykeys found

searching for services
no services found

searching for safeboot services
no safeboot services found

--- Goldunfix ---

searching for other goldun- and haxdoorfiles:
C:\WINDOWS\system32\hrpdcf.bin
C:\WINDOWS\system32\kl80.bin

checking iexplore.exe
iexplore.exe is not infected

searching for SSODLkeys
no SSODLkeys found

searching for notifykeys
isodvrtg

searching for services
isodvstg

deleting service isodvstg
[SWSC] DeleteService SUCCESS

--- Registrysettings ---

not necessary

.....rebooting the computer.....

--- searching for ssodlkeys ---

not necessary

--- searching for notifykeys ---

notifykey isodvrtg not found

--- searching for services ---

service isodvstg not found

--- searching for safeboot services ---

not necessary

--- searching for files ---

C:\WINDOWS\system32\hrpdcf.bin found
deleting C:\WINDOWS\system32\hrpdcf.bin
C:\WINDOWS\system32\hrpdcf.bin has been deleted

C:\WINDOWS\system32\kl80.bin found
deleting C:\WINDOWS\system32\kl80.bin
C:\WINDOWS\system32\kl80.bin has been deleted

C:\WINDOWS\system32\isodvrtg.dll found
deleting C:\WINDOWS\system32\isodvrtg.dll
C:\WINDOWS\system32\isodvrtg.dll has been deleted

C:\WINDOWS\system32\isodvstg.sys found
deleting C:\WINDOWS\system32\isodvstg.sys
C:\WINDOWS\system32\isodvstg.sys has been deleted